session.go
package applepay
import (
"bytes"
"crypto/tls"
"encoding/json"
"io/ioutil"
"net/http"
"net/url"
"regexp"
"time"
"github.com/pkg/errors"
)
// sessionRequest is the JSON body posted to Apple when asking for an
// Apple Pay session. Each field is serialized under the key named in its
// struct tag.
type sessionRequest struct {
	MerchantIdentifier string `json:"merchantIdentifier"`
	DomainName         string `json:"domainName"`
	DisplayName        string `json:"displayName"`
}
// requestTimeout is the overall time limit for a session request; it is
// the Timeout of the HTTP client built by authenticatedClient.
var requestTimeout = 30 * time.Second
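// Session requests an Apple Pay session from the given URL and returns the
// raw response body as an opaque payload.
//
// The url argument is validated with checkSessionURL before anything is
// sent, because the request is made with the merchant identity certificate
// and must only go to Apple. An error is returned when the merchant
// certificate is missing, the URL is rejected, the request body cannot be
// encoded, the request fails, or the response body cannot be read.
//
// NOTE(review): the HTTP status code is not inspected, so the body of a
// non-2xx response is returned as the payload with a nil error. Callers
// that forward the payload may want to check it; confirm before changing.
func (m Merchant) Session(url string) (sessionPayload []byte, err error) {
	if m.merchantCertificate == nil {
		return nil, errors.New("nil merchant certificate")
	}

	// Verify that the session URL is Apple's before contacting it.
	if err := checkSessionURL(url); err != nil {
		return nil, errors.Wrap(err, "invalid session request URL")
	}

	// Encode the request body; a failure here is reported instead of
	// posting a truncated or empty body.
	buf := bytes.NewBuffer(nil)
	if err := json.NewEncoder(buf).Encode(m.sessionRequest()); err != nil {
		return nil, errors.Wrap(err, "error encoding the request")
	}

	// Send the session request to Apple over the certificate-authenticated
	// client.
	cl := m.authenticatedClient()
	res, err := cl.Post(url, "application/json", buf)
	if err != nil {
		return nil, errors.Wrap(err, "error making the request")
	}
	// Close the body on every return path, including a failed read.
	defer func() { _ = res.Body.Close() }()

	// A read error must not be returned as a (partial) payload with a nil
	// error.
	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		return nil, errors.Wrap(err, "error reading the response")
	}
	return body, nil
}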
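// sessionHostPattern matches the gateway host names accepted by
// checkSessionURL: an optional "cn-" prefix, "apple-pay-gateway", an
// optional "-suffix", and a literal ".apple.com" ending. The dots are
// escaped so they match only a literal '.'; an unescaped '.' matches any
// character, which would let hosts outside apple.com pass the check.
// The pattern is compiled once at package level instead of on every call.
var sessionHostPattern = regexp.MustCompile(`^(cn-)?apple-pay-gateway(-.+)?\.apple\.com$`)

// checkSessionURL validates the request URL sent by the client to check that
// it belongs to Apple.
//
// It returns an error when the URL cannot be parsed, when its host does not
// match sessionHostPattern, or when its scheme is not "https". Only the host
// and scheme are checked; the path and query are not inspected. The match is
// done on u.Host, so a URL that carries an explicit port is rejected.
func checkSessionURL(location string) error {
	u, err := url.Parse(location)
	if err != nil {
		return errors.Wrap(err, "error parsing the URL")
	}
	if !sessionHostPattern.MatchString(u.Host) {
		return errors.New("invalid host")
	}
	if u.Scheme != "https" {
		return errors.New("unsupported protocol")
	}
	return nil
}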
// sessionRequest assembles the Apple Pay session request body from the
// merchant's identifier, domain name and display name.
func (m Merchant) sessionRequest() *sessionRequest {
	req := new(sessionRequest)
	req.MerchantIdentifier = m.identifier
	req.DomainName = m.domainName
	req.DisplayName = m.displayName
	return req
}
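// authenticatedClient returns an HTTP client that presents the Merchant
// Identity certificate signed by Apple as its TLS client certificate.
//
// It dereferences m.merchantCertificate, so the caller must have checked
// that it is non-nil. A new client and transport are built on every call.
//
// NOTE(review): no CheckRedirect is set, so the client follows redirects
// with net/http's default policy and a redirect target is not re-validated
// by checkSessionURL. Consider refusing redirects if Apple's endpoint is
// not expected to issue them; confirm before changing.
func (m Merchant) authenticatedClient() *http.Client {
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{
			*m.merchantCertificate,
		},
		// Pin the protocol floor explicitly rather than relying on the
		// default of the Go version used to build.
		MinVersion: tls.VersionTLS12,
	}

	transport := &http.Transport{
		TLSClientConfig: tlsConfig,
		// The transport is not reused after the call, so a kept-alive
		// connection would sit idle in a pool nothing reads from until
		// the server closes it. Close the connection after the request.
		DisableKeepAlives: true,
	}

	return &http.Client{
		Transport: transport,
		Timeout:   requestTimeout,
	}
}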